09-17-2011, 09:17 AM
Florian Philipp

Alternatives to GLSA?

Hi list!

Since GLSAs are in their current state of disregard, I'm searching for
another way to be informed about security fixes. What do you think is
the best approach here?

Querying bugzilla for recently fixed security bugs like [1]?

Searching for the term 'security bug' or something similar in Changelogs?

Looking at some other web site or distribution and anticipate changes in
the portage tree?

[1]
https://bugs.gentoo.org/buglist.cgi?list_id=428229;query_format=advanced;chfield=bug_status;chfieldfrom=2011-06-01;chfieldto=Now;chfieldvalue=RESOLVED;component=Security

Thanks in advance!
Florian Philipp
 
09-17-2011, 01:13 PM
Alan McKinnon

Alternatives to GLSA?

On Sat, 17 Sep 2011 11:17:56 +0200
Florian Philipp <lists@binarywings.net> wrote:

> Hi list!
>
> Since GLSAs are in their current state of disregard, I'm searching for
> another way to be informed about security fixes. What do you think is
> the best approach here?
>
> Querying bugzilla for recently fixed security bugs like [1]?
>
> Searching for the term 'security bug' or something similar in
> Changelogs?
>
> Looking at some other web site or distribution and anticipate changes
> in the portage tree?
>
> [1]
> https://bugs.gentoo.org/buglist.cgi?list_id=428229;query_format=advanced;chfield=bug_status;chfieldfrom=2011-06-01;chfieldto=Now;chfieldvalue=RESOLVED;component=Security

If you just want to be informed about the state of security of packages,
subscribe to the security lists of other distros. I find RedHat and
Fedora to be useful and up to date. If you see something that looks
like you need to take action, find the corresponding Gentoo package and
investigate further.

If you need to be on the cutting edge of security issues, then you need
to be on the various vuln disclosure lists around. But be warned, they
can be noisy and you have to train your brain in what to ignore


--
Alan McKinnnon
alan.mckinnon@gmail.com
 
09-19-2011, 03:14 PM
Florian Philipp

Alternatives to GLSA?

On 17.09.2011 15:13, Alan McKinnon wrote:
> On Sat, 17 Sep 2011 11:17:56 +0200
> Florian Philipp <lists@binarywings.net> wrote:
>
>> Hi list!
>>
>> Since GLSAs are in their current state of disregard, I'm searching for
>> another way to be informed about security fixes. What do you think is
>> the best approach here?
>>
>> Querying bugzilla for recently fixed security bugs like [1]?
>>
>> Searching for the term 'security bug' or something similar in
>> Changelogs?
>>
>> Looking at some other web site or distribution and anticipate changes
>> in the portage tree?
>>
>> [1]
>> https://bugs.gentoo.org/buglist.cgi?list_id=428229;query_format=advanced;chfield=bug_status;chfieldfrom=2011-06-01;chfieldto=Now;chfieldvalue=RESOLVED;component=Security
>
> If you just want to be informed about the state of security of packages,
> subscribe to the security lists of other distros. I find RedHat and
> Fedora to be useful and up to date. If you see something that looks
> like you need to take action, find the corresponding Gentoo package and
> investigate further.
>
> If you need to be on the cutting edge of security issues, then you need
> to be on the various vuln disclosure lists around. But be warned, they
> can be noisy and you have to train your brain in what to ignore.
>
>

Thank you for your insight. As a gentoo-specific workaround, I've
written a little (well, not *so* little) bash script that filters the
ChangeLogs of all installed packages for fixed security bugs applied
recently (default: one week).

Regards,
Florian Philipp
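
One way to implement the ChangeLog filter described in the last post, as an added example; it is not Florian's script, which does not appear on this page. The function names, the `qlist -IC` package listing from portage-utils, the /usr/portage path, the assumed ChangeLog entry layout and the sample ChangeLog are all assumptions.

```shell
# security_entries FILE CUTOFF [LABEL]: print "LABEL<TAB>YYYYMMDD<TAB>text" for
# entries dated on or after CUTOFF (YYYYMMDD) that mention "security".
# Assumed layout: an entry starts with two spaces and "DD Mon YYYY;".
security_entries() {
    awk -v cutoff="$2" -v label="${3:-$1}" '
    function emit() {
        if (date + 0 >= cutoff + 0 && tolower(text) ~ /security/)
            print label "\t" date "\t" text
        date = ""; text = ""
    }
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    /^  [0-9][0-9]? [A-Z][a-z][a-z] [0-9][0-9][0-9][0-9];/ {
        emit()
        date = sprintf("%04d%02d%02d", $3 + 0, mon[$2], $1 + 0)
        sub(/^[ \t]+/, ""); text = $0
        next
    }
    /^[ \t]*$/ { emit(); next }                            # blank line ends entry
    date != "" { sub(/^[ \t]+/, ""); text = text " " $0 }  # continuation line
    END { emit() }
    ' "$1"
}
# scan_tree PORTDIR CUTOFF: read "category/package" names on stdin and scan
# PORTDIR/category/package/ChangeLog for each package that has one.
scan_tree() {
    while IFS= read -r cp; do
        [ -f "$1/$cp/ChangeLog" ] || continue
        security_entries "$1/$cp/ChangeLog" "$2" "$cp"
    done
}
# Constructed sample ChangeLog (not real tree data) for trying the functions.
sample_changelog() {
    cat <<'EOF'
# ChangeLog for app-misc/example

  15 Sep 2011; Jane Dev <jane@example.org> +example-1.2.ebuild:
  Version bump, fixes security bug #000000.

  14 Sep 2011; Jane Dev <jane@example.org> example-1.1.ebuild:
  Fix typo in DESCRIPTION.

  01 Aug 2011; Jane Dev <jane@example.org> +example-1.1.ebuild:
  Security bump, bug #000001.
EOF
}
# Typical use (assumes portage-utils qlist and GNU date):
#   qlist -IC | scan_tree /usr/portage "$(date -d '7 days ago' +%Y%m%d)"
```

A keyword match like this only finds fixes whose ChangeLog entry says "security"; commits that fix a vulnerability without naming it as such will not show up.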